Description of problem:
Format Card operation for user card also formats a security officer card.

Version-Release number of selected component (if applicable):
CS 8.0

How reproducible:

Steps to Reproduce:
1. Enroll 2 security officer tokens, SOfficer1 and SOfficer2.
2. Login to SO workstation using SOfficer1 token.
3. Click on Format Card and insert SOfficer2 token.
4. Click Format

Actual results:
Formats the SOfficer2 card.

Expected results:
Should not format SOfficer2 token, an Error message Format key failed should be displayed.

Additional info:
Created attachment 344308: TPS UI fixes for this issue.
Created attachment 344310: TPS Base fixes for this issue.
Created attachment 344311: New file tps/forms/esc/cgi-bin/sow/is_agent.cgi
Created attachment 344312: tps/forms/esc/cgi-bin/sow/is_user.cgi
attachment (id=344308) attachment (id=344310) attachment (id=344311) attachment (id=344312) +mharmsen

CAVEATS:
* functions look for a lower-case sensitive "uid=" that is extracted from an input parameter, $dn. Although the current system always passes in a $dn variable that is lower-case, it may be better to convert the input parameter $dn to all lower-case prior to processing it.
* the variable name $hostport is a confusing name for a variable that only contains the hostname
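The first caveat above, worked through as an added example; it is not part of the review comment or of the attached patches, whose code is not shown on this page. The function names `uid_case_sensitive` and `uid_from_dn` are hypothetical, the shape of the case-sensitive lookup is an assumption, and the sample DNs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Case-sensitive lookup of the kind the caveat describes. Its exact shape is
# an assumption made for this example, not code from the patches.
sub uid_case_sensitive {
    my ($dn) = @_;
    return $dn =~ /uid=([^,]+)/ ? $1 : undef;
}

# Hypothetical hardened helper: the attribute type is matched
# case-insensitively and only at the start of an RDN, RDNs are split on
# unescaped ',' or '+', and the value is normalised to lower case.
sub uid_from_dn {
    my ($dn) = @_;
    return undef unless defined $dn;
    for my $rdn ($dn =~ /((?:\\.|[^\\,+])+)/gs) {
        next unless $rdn =~ /^\s*uid\s*=\s*(.*?)\s*$/is;
        (my $uid = $1) =~ s/\\(.)/$1/gs;    # undo backslash escapes
        return length $uid ? lc $uid : undef;
    }
    return undef;    # no uid RDN: the caller should treat the owner as unknown
}

# Constructed sample DNs, not taken from a real deployment.
my @samples = (
    'uid=sofficer2,ou=people,dc=example,dc=com',
    'UID=SOfficer2,OU=People,DC=example,DC=com',
    'cn=Officer\, Two,Uid=sofficer2,dc=example,dc=com',
    'cn=fluid=x,dc=example,dc=com',
);

for my $dn (@samples) {
    my $old = uid_case_sensitive($dn);
    my $new = uid_from_dn($dn);
    printf "%-52s old=%-10s new=%s\n", $dn,
        defined $old ? $old : '(none)',
        defined $new ? $new : '(none)';
}
```

A caller that decides whether a token belongs to a Security Officer should refuse the format when the helper returns undef, so that an unparseable DN never falls through to the regular-user path.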
TPS UI changes

Sending cgi-bin/sow/cfg.pl
Sending cgi-bin/sow/format.html
Sending cgi-bin/sow/formatso.html
Transmitting file data ...
Sending esc/sow/util.js
Transmitting file data .
Committed revision 471.

Sending dogtag-pki-tps-ui.spec
Transmitting file data .
Committed revision 472.

BASE TPS changes

Sending sow/cfg.pl
Adding sow/is_agent.cgi
Adding sow/is_user.cgi
Transmitting file data ...
Committed revision 473.

Sending pki-tps.spec
Transmitting file data .
Committed revision 474.
Fixes above should address this issue.
Verification failed. A security officer token gets formatted when a Format card operation in SO work station is performed on a security officer token.
This was a matter of a couple of .cgi files not being included in the tps rpm. This simple problem has been fixed. The next build should show this working correctly.
Created attachment 347772: ESC portion to really fix this issue.
It turns out that the uid of the user's certificate was not being correctly read from the token. The feature to see if the token's owner is a Security Officer or regular user depends upon this.
Created attachment 347785: Patch to tps-ui to fix this issue.
Dogtag tps-ui changes.
attachment (id=347772) attachment (id=347785) +mharmsen
$ cvs -d :ext:jmagne.redhat.com/cvs/dirsec commit -m "Bugzilla #4910 19 Security Officer: Format Card operation to format a user card also formats a security officer card."

ESC commits:

Enter passphrase for key '/home/jack/.ssh/id_rsa':
Checking in app/xpcom/rhCoolKey.cpp;
/cvs/dirsec/esc/src/app/xpcom/rhCoolKey.cpp,v <-- rhCoolKey.cpp
new revision: 1.11; previous revision: 1.10
done
Checking in app/xpcom/rhICoolKey.idl;
/cvs/dirsec/esc/src/app/xpcom/rhICoolKey.idl,v <-- rhICoolKey.idl
new revision: 1.8; previous revision: 1.7
done
Running syncmail...
Mailing relnotes...
...syncmail done.
Running syncmail...
Mailing cvsdirsec...
...syncmail done.
Checking in app/xul/esc/application.ini;
/cvs/dirsec/esc/src/app/xul/esc/application.ini,v <-- application.ini
new revision: 1.9; previous revision: 1.8
done
Running syncmail...
Mailing relnotes...
...syncmail done.
Running syncmail...
Mailing cvsdirsec...
...syncmail done.
Checking in lib/coolkey/CoolKey.cpp;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v <-- CoolKey.cpp
new revision: 1.10; previous revision: 1.9
done
Checking in lib/coolkey/CoolKey.h;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.h,v <-- CoolKey.h
new revision: 1.8; previous revision: 1.7
done
Checking in lib/coolkey/NSSManager.cpp;
/cvs/dirsec/esc/src/lib/coolkey/NSSManager.cpp,v <-- NSSManager.cpp
new revision: 1.6; previous revision: 1.5
done
Checking in lib/coolkey/NSSManager.h;
/cvs/dirsec/esc/src/lib/coolkey/NSSManager.h,v <-- NSSManager.h
new revision: 1.5; previous revision: 1.4
done
Running syncmail...
Mailing relnotes...
...syncmail done.
Running syncmail...
Mailing cvsdirsec...
...syncmail done.
svn commit -m "Bugzilla Bug #491019 - Security Officer: Format Card operation to format a user card."
Sending dogtag/tps-ui/dogtag-pki-tps-ui.spec
Sending dogtag/tps-ui/shared/cgi-bin/sow/formatso.html
Sending dogtag/tps-ui/shared/docroot/esc/sow/util.js
Transmitting file data ...
Committed revision 610.
Issue fixed in next build of ESC and TPS.
Verified. Doing format card operation by providing a Security Officer token shows a dialog box with message "You can't Format a card that belongs to another Security Officer!".